If the mongod server is started with the --sslCAFile option (Certificate Authority file for SSL), it is impossible to connect to the server from the mongotools (mongodump, mongoexport, etc.).
If a tool tries to connect, the server will log (as expected):
Fri Feb 22 16:10:51.393 [conn3] ERROR: no SSL certificate provided by peer; connection rejected Fri Feb 22 16:10:51.393 [conn3] SocketException handling request, closing client connection: 9001 socket exception [6]
Workaround: run the mongod with --sslWeakCertificateValidation (allow client to connect without presenting a certificate). With this option, if a client presents a certificate, it must present a certificate that is valid by the CA. However, clients are allowed to successfully connect if they present no certificate at all.
Fix: add support for these cmd line options.
- is depended on by
-
DOCS-1942 Document: mongo tools do not support --sslPEMKeyFile or --sslPEMKeyPassword
-
- Closed
-
- is duplicated by
-
SERVER-8681 add SSL support to all mongo tools
-
- Closed
-
- is related to
-
SERVER-11127 Add more tests for ssl client options
-
- Closed
-